As far as I know XG doesn't have a mesh VPN as such. I would recommend using RED VPNs with Sophos XG: you could set up RED server and client VPNs to each of your firewalls and that would give you a VPN between your branches. But as XG has no mesh VPN as such, you would need to set up routes so that each XG firewall could access all the branches. You could get away with only 4 VPN links: Server 1 to Server 2, 2 to 3, 3 to 4 and 4 to 1. Then, as I mentioned, just set up static routes for branches that don't directly connect to another branch, i.e. 1 to 3. Or you could set up VPNs from each branch to every other branch, but that would get very complicated. The last method would be to set up an XG instance to act as a central hub datacentre, then set up RED VPNs between each branch and that XG. If it was me I would just set up RED VPNs from each branch to every other branch; that way you don't have the additional cost of licensing the datacentre XG.

When it comes to the Heartbeat you mentioned, that's done by each endpoint's local XG server. Sophos Central should detect which of your endpoints is behind which XG server as long as you have each XG server logged in with an account from the same Central instance you have. Then in the firewall rules on your XG servers you specify if you want to block traffic without a heartbeat, or specify that if an endpoint has a Yellow or Red status then traffic is restricted per status colour.

Hope that helps,
JK
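The ring-of-four option described in the reply, worked through as an added example (not the poster's or Sophos's code): given the RED tunnels between firewalls, it computes which static routes each XG needs for the branches it has no direct tunnel to, and which of those routes silently break if a tunnel goes down. The firewall names, LAN subnets and tunnel list are constructed for illustration.

```python
from collections import deque

# Constructed topology: four branch XG firewalls with hypothetical LAN subnets,
# joined by RED tunnels in a ring 1-2, 2-3, 3-4, 4-1 as the reply suggests.
BRANCH_LANS = {"XG1": "10.1.0.0/24", "XG2": "10.2.0.0/24",
               "XG3": "10.3.0.0/24", "XG4": "10.4.0.0/24"}
RED_RING = [("XG1", "XG2"), ("XG2", "XG3"), ("XG3", "XG4"), ("XG4", "XG1")]
# The alternative the reply mentions: a RED tunnel from every branch to every other.
FULL_MESH = [(a, b) for a in BRANCH_LANS for b in BRANCH_LANS if a < b]


def neighbours(tunnels):
    """Adjacency: firewall -> set of firewalls it has a direct RED tunnel to."""
    adj = {fw: set() for fw in BRANCH_LANS}
    for a, b in tunnels:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def static_routes(tunnels):
    """Static routes each firewall needs: {firewall: {dest_subnet: next_hop_fw}}.
    Directly tunnelled branches are covered by the tunnel itself and omitted;
    multi-hop branches get a route via the shortest path (BFS, ties to the
    alphabetically first neighbour), which is the manual work the ring adds."""
    adj = neighbours(tunnels)
    routes = {}
    for src in BRANCH_LANS:
        first_hop = {n: n for n in sorted(adj[src])}   # dest fw -> neighbour to use
        queue = deque(sorted(adj[src]))
        while queue:
            cur = queue.popleft()
            for n in sorted(adj[cur]):
                if n != src and n not in first_hop:
                    first_hop[n] = first_hop[cur]
                    queue.append(n)
        routes[src] = {BRANCH_LANS[d]: via for d, via in first_hop.items() if via != d}
    return routes


def blackholed_routes(routes, failed_tunnel):
    """Static routes whose first hop crosses a tunnel that is down. Static routes
    do not re-converge, so these destinations stay unreachable until the tunnel
    returns or the route is changed by hand (routes that transit the failed
    tunnel further along the path break too; this check covers the first hop only)."""
    ends = set(failed_tunnel)
    return {src: [dst for dst, via in table.items() if {src, via} == ends]
            for src, table in routes.items()
            if any({src, via} == ends for via in table.values())}
```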